Secure Method for Health Record Transmission to Emergency Service Personnel

ABSTRACT

An indication that an occupant has entered a vehicle is detected on a computing device. The occupant is identified based on the indication that the occupant has entered the vehicle. A health record that is associated with the occupant is accessed by the computing device. The computing device enables the accessed health record associated with the occupant to be available from a secure digital storage container. The health record associated with the occupant is provided to a second computing device registered to a first responder from the secure digital storage container based on detecting an indication that the vehicle has had a collision.

TECHNICAL FIELD

This specification relates to providing emergency services personnelwith on scene access to a victim's medical information.

BACKGROUND

In certain circumstances, an accident victim may be unable to providepertinent details about his or her medical history to emergency servicepersonnel. They may be unconscious or in shock from the accident.

SUMMARY

In an aspect, an indication that an occupant has entered a vehicle isdetected on a computing device. The occupant is identified based on thedetected indication that the occupant has entered the vehicle. A healthrecord that is associated with the occupant is accessed by the computingdevice. The computing device enables the accessed health recordassociated with the occupant to be available from a secure digitalstorage container. The state of the health record in the secure digitalstorage container is changed such that it cannot be accessed based ondetecting an indication that the occupant has exited the vehicle.

In another aspect, an indication that an occupant has entered a vehicleis detected on a computing device. The occupant is identified based onthe indication that the occupant has entered the vehicle. A healthrecord that is associated with the occupant is accessed by the computingdevice. The computing device enables the accessed health recordassociated with the occupant to be available from a secure digitalstorage container. The health record associated with the occupant isprovided to a second computing device registered to a first responderfrom the secure digital storage container based on detecting anindication that the vehicle has had a collision.

Implementations may include one or more of the following features. Forexample, the computing device may include a wireless mobile computingdevice. The computing device may include a vehicle computer. Enablingthe accessed health record associated with the occupant to be availablefrom a secure digital storage container may include enabling theaccessed health record associated with the occupant to be available froma secure digital storage container on the computing device. Enabling theaccessed health record associated with the occupant to be available froma secure digital storage container may include enabling the accessedhealth record associated with the occupant to be available from acloud-based secure digital storage container.

Detecting an indication that an occupant has entered a vehicle mayinclude performing near field communication with a mobile computingdevice, and identifying the occupant based on the indication that theoccupant has entered the vehicle may include receiving identificationinformation from the mobile computing device. Changing the state of thehealth record in the secure digital storage container such that itcannot be accessed based on detecting an indication that the occupanthas exited the vehicle may include changing the state of the healthrecord in the secure digital storage container such that it cannot beaccessed based on detecting an indication that a distance between thecomputing device and the mobile computing device has exceeded athreshold value.

Changing the state of the health record in the secure digital storagecontainer such that it cannot be accessed based on detecting anindication that the occupant has exited the vehicle may include changingthe state of the health record in the secure digital storage containersuch that it cannot be accessed based on detecting an indication thatthe computing device has lost near field communications with the mobilecomputing device. Enabling the accessed health record associated withthe occupant to be available from the secure digital storage containermay include enabling the accessed health record associated with theoccupant and a photograph of the occupant to be available from thesecure digital storage container.

Providing the health record associated with the occupant to the firstresponder from the secure digital storage container based on detectingan indication that the vehicle has had the collision may includeproviding the health record associated with the occupant accessible tothe first responder from the secure digital storage container based ondetecting an indication that an airbag in the vehicle has deployed.

Providing the health record associated with the occupant to the firstresponder from the secure digital storage container based on detectingan indication that the vehicle has had the collision may includeproviding the health record associated with the occupant to a secondcomputing device from the secure digital storage container based ondetecting an indication that the vehicle has had the collision, wherethe second computing device is identified as licensed to the firstresponder.

Based on detecting an indication that the vehicle has had the collision,the computing device may make the health record associated with theoccupant accessible by the second computing device registered to thefirst responder from the secure digital storage container, provide thehealth record associated with the occupant to the second computingdevice registered to the first responder from the secure digital storagecontainer, and change the state of the health record associated with theoccupant in the secure digital storage container such that the healthrecord associated with the occupant can no longer be accessed.

Changing the state of the health record associated with the occupant inthe secure digital storage container such that the health recordassociated with the occupant can no longer be accessed may includechanging the state of the health record associated with the occupant inthe secure digital storage container such that the health recordassociated with the occupant can no longer be accessed after apredetermined period of time from detecting the indication that thevehicle has had the collision.

Providing the health record associated with the occupant to the firstresponder from the secure digital storage container based on detectingan indication that the vehicle has had the collision may includereceiving data indicating at least one of the occupant's vital signs andproviding the data indicating at least one of the occupant's vital signsto the first responder.

In yet another aspect, an indication that a user of a computing deviceis engaged in an activity is detected on the computing device. A healthrecord associated with the user is made available to a first responderbased detecting the indication that the user of the computing device isengaged in an activity. The state of the health record associated withthe user is changed such that it cannot be accessed based on detectingan indication that the occupant is no longer engaged in the activity.

In yet another aspect, an indication that a user of a computing deviceis engaged in an activity may be detected on the computing device. Ahealth record associated with the user is made available to a firstresponder based detecting the indication that the user of the computingdevice is engaged in an activity. The health record associated with theuser is provided to a first responder based on detecting an indicationthat the user has been involved in an accident.

Implementations may include one or more of the following features. Forexample, the computing device may include a wireless mobile computingdevice. Making the health record associated with the user to beavailable from a secure digital storage container may include making thehealth record associated with the user to be available from a securedigital storage container on the computing device. Making the healthrecord associated with the user to be available from a secure digitalstorage container may include making the health record associated withthe user to be available from a cloud-based secure digital storagecontainer.

Detecting an indication that a user of the computing device is engagedin an activity may include receiving a motion input and determining thatthe received motion input indicates that the user of the computingdevice is engaged in an activity. Detecting an indication that a user ofthe computing device is engaged in an activity may include receiving aglobal positioning system (GPS) input and determining that the receivedGPS input indicates that the user of the computing device is engaged inan activity. Changing the state of the health record associated with theuser such that it cannot be accessed based on detecting an indicationthat the occupant is no longer engaged in the activity may includechanging the state of the health record in the secure digital storagecontainer such that it cannot be accessed based on detecting that theindication that the user of the computing device is engaged in anactivity has ceased.

Changing the state of the health record associated with the user suchthat it cannot be accessed may include deleting the health recordassociated with the user. Making the health record associated with theuser to be available from the secure digital storage container mayinclude making the health record associated with the user and aphotograph of the user to be available from the secure digital storagecontainer. Providing the health record associated with the user to afirst responder based on detecting an indication that the user has beeninvolved in an accident may include providing the health recordassociated with the user to a first responder based on determining thata detected motion input or GPS input indicates that the user has beeninvolved in an accident.

Providing the health record associated with the user to a firstresponder based on detecting an indication that the user has beeninvolved in an accident may include providing the health recordassociated with the occupant to a second computing device based ondetecting an indication that the user has been involved in an accident,where the second computing device being identified as licensed to thefirst responder. Providing the health record associated with the user toa first responder based on detecting an indication that the user hasbeen involved in an accident may include making the health recordassociated with the user accessible by the second computing deviceregistered to the first responder, providing the health recordassociated with the user to the second computing device registered tothe first responder and changing the state of the health recordassociated with the user such that the health record associated with theuser can no longer be accessed.

Changing the state of the health record associated with the user suchthat the health record associated with the user can no longer beaccessed may include changing the state of the health record associatedwith the user such that the health record associated with the user canno longer be accessed after a predetermined period of time fromdetecting the indication that the user has been involved in an accident.Providing the health record associated with the user to a firstresponder based on detecting an indication that the user has beeninvolved in an accident may include receiving data indicating at leastone of the occupant's vital signs, and providing the data indicating atleast one of the occupant's vital signs to the first responder.

The details of one or more implementation of the subject matterdescribed in this specification are set forth in the accompanyingdrawings and the description below. Other potential features, aspects,and advantages of the subject matter will become apparent from thedescription, the drawings, and the claims.

DESCRIPTION OF DRAWINGS

FIGS. 1A and 1B are diagrams of example systems that securely provideuser health record data to emergency service personnel.

FIGS. 2A-2D illustrate example graphical user interfaces (GUIs) of anexample user health record application.

FIGS. 3A and 3B illustrate example GUIs of an example first responderhealth record application.

FIGS. 4A and 4B are flow charts of a process for providing a user'shealth record data to emergency service personnel.

FIGS. 5A and 5B are flow charts of a process for providing a user'shealth record data to emergency service personnel.

Like reference symbols in the various drawings indicate like elements.

DETAILED DESCRIPTION

Techniques are described for securely providing an individual's healthrecord data to emergency service personnel at or in route to the sceneof an accident. The concepts described herein may provide severaladvantages to emergency personnel and accident victims. For example,implementations of the invention may provide a secure method foremergency personnel to access a user's health record information (e.g.,pre-existing health conditions, current medications, and allergies) atthe scene of an accident, while maintaining a high level of security forthe user's health data and maintaining compliance with the HealthInsurance Portability and Accountability Act (HIPPA). Implementationsmay provide emergency personnel with potentially life-saving detailsfrom the user's health history when a user is unable to provide thosedetails due to unconsciousness, shock, head injuries, or other injuriesfrom an accident.

An individual's computing device is configured to exchange electroniccommunications with other computing devices through a network (e.g., awireless cellular network, a wireless local area network (WLAN) or Wi-Finetwork, a Third Generation (3G) or Fourth Generation (4G) mobiletelecommunications network), to exchange electronic communications withother computing devices using short-range wireless communication (e.g.,Bluetooth or Near field communication (NFC)), and to receive input. Auser health record application operating on the individual's computingdevice is configured to detect indications of activities performed bythe individual and to detect indications that the individual wasinvolved in an accident. Upon detecting an indication that theindividual is engaged in an activity (e.g., a risky activity such asdriving or riding in a vehicle or a participating in sporting activity),the user health application initiates communications with a healthrecord management system causing the management system to make theindividual's health record available to emergency service personnel. Insome implementations, the user health application receives theindividual's health record data and securely stores the data in a securedigital storage container on the individual's computing device. In someimplementations, the user health application causes the managementsystem to store the individual's health record data in cloud-basedsecure digital data storage container.

In the event that the individual is involved in an accident, the userhealth record application detects an indication of the accident andprovides the individual's health record data to a first respondercomputing device operated by emergency service personnel. The userhealth application may communicate the individual's health record datato the first responder computing device via short-range wirelesscommunications (e.g., Bluetooth or NFC). The first responder computingdevice may include an emergency service health record application thatauthenticates itself to the user health record application therebyensuring communication of the individual's health record only to aproperly authenticated computing device. In some implementations, theuser health application enables communication of the data to a firstresponder computing device for a predetermined period of time afterdetection of the accident, and securely removes the health record data(from the individual's computing device, the cloud-based storage, orboth) after the predetermined period.

In the event that the individual ceases the detected activity withoutbeing involved in an accident, the user health record applicationdetects an indication that the user is no longer engaged in the activityand changes the state of the individual's health record data such thatit cannot be accessed. In some implementations, the user healthapplication securely removes the individual's health record data fromthe secure digital storage container on the individual's computingdevice. In some implementations, the user health application causes themanagement system to securely remove the individual's health record datafrom the cloud-based secure data storage container.

By way of example, assume a user, Ben, has installed a user healthrecord application on his smartphone and has configured it to access hismedical record data. When Ben goes on a mountain biking trip his userhealth record application operating on his smartphone will sense (e.g.,via motion/GPS inputs) when he has begun riding his mountain bike. Basedon this indication that Ben is involved in a risky activity (e.g.,mountain biking), the health record application will coordinate with ahealth record management system via Ben's wireless cellular networkprovider to make his health record data readily available in the eventof an accident. If Ben enjoys an accident free mountain biking trip, thehealth record application will sense (e.g., via the cessation of themotion inputs associated with mountain biking) that he is no longerriding his mountain bike. The user health record application then willcoordinate with the health record managing system to make his healthrecords inaccessible from the secure data storage container.

On the other hand, if Ben is involved in an accident, the user healthrecord application will sense (e.g., via motion/GPS inputs) that Ben hasbeen involved in an accident. The user health record application willthen make Ben's health record data accessible to emergency servicepersonnel and may both provide Ben's location to the health recordmanagement system and request emergency services. When first respondersarrive, they will be able to use an emergency services version of thehealth record application to access Ben's health records from hissmartphone (or from the health record management system in if Ben'sphone is damaged in the accident).

The user health record application, thereby, provides a high-level ofsecurity for the individual's health record data by limiting the amountof time in which the data is accessible and only providing the healthrecord information to second (first responder) computing device in theevent that an accident is detected. In addition, the user health recordapplication also provides secure way for emergency service personnel toobtain needed health record information if a victim is unable to providesuch information themselves.

FIGS. 1A and 1B are diagrams of example systems that securely provideuser health record data to emergency service personnel. Referring toFIG. 1A, the system 100 accesses a user's health record informationafter detecting that the user is engaged in an activity, makes theuser's health record information available to emergency servicespersonnel from a secure data storage container, and either provides thehealth record data to the emergency services personnel in response todetecting an indication that the user has been involved in an accidentor makes the data inaccessible in response to an indication that theuser is no longer engaged in the activity. For illustrative purposes,several elements illustrated in FIGS. 1A and 1B and described below arerepresented as monolithic entities. However, these elements each mayinclude and/or be implemented on numerous interconnected computingdevices and other components that are designed to perform a set ofspecified operations.

The system 100 includes a user computing device 102, which is incommunication with a management system 104 over one or more networks106. The user computing device 102 may be, for example, a cellulartelephone, a smartphone, a tablet computer, a personal digital assistant(PDA), or a personal medical monitoring device. The management system104 may include, for example, one or more servers 108 and one or moresecure digital data storage devices 110. The networks 106 may include awireless cellular network, a wireless local area network (WLAN) or Wi-Finetwork, a Third Generation (3G) or Fourth Generation (4G) mobiletelecommunications network, a private network such as an intranet, apublic network such as the Internet, or any appropriate combinationthereof. In addition, system 100 includes a first responder's computingdevice 112 configured to communicate with the user health recordapplication on computing device 102 and the management system 104. Thefirst responder's computing device 112 may be, for example, a cellulartelephone, a smartphone, a tablet computer, a personal digital assistant(PDA), or a laptop computer.

In more detail, computing device 102 includes a user health recordapplication configured to detect indications of activities performed bythe user and to detect indications that the user has been involved in anaccident. For example, the computing device 102 may be configured tosense motion inputs, for example, acceleration, rotation, and movement(e.g., via location services such as GPS or cellular triangulation). Anindication of an activity or an accident may include, for example, acombination of motion inputs of various magnitudes received by thecomputing device 102. For instance, when a user is mountain biking theuser health application may receive a series of acceleration/rotationinputs in rapid succession as the user rides along a trail and peddleshis mountain bike in addition to GPS input indicating a speed at whichthe user is moving. Similarly, for example, when a user is riding in acar, the user health application may receive a relatively smoothacceleration input and GPS input indicating that the user is moving at arelatively high rate of speed. Likewise, an indication of an accidentmay be, for example, a large magnitude motion input or a rapidsuccession of large magnitude motion inputs followed by no motion inputfor a period of time.

Upon detecting the indication that the user is engaged in an activity,the user health record application on computing device 102 communicateswith the management system 104 causing the management system 104 to makethe user's health record available to a first responder. The managementsystem server 108 may access health record data associated with the userfrom a health record server 114. Health record server 114 may be, forexample, a digital health record repository (e.g., a Department ofHealth and Human Services medical recorded database, user providedhealth records, and/or third party health record data storage). Themanagement system server 108 then may store the accessed health recorddata in a digital storage device 110. In some implementations, thedigital storage device 110 may be cloud-based data storage. In someimplementations, the management system server 108 may send the healthrecord data to the computing device 102 and the health record data maybe stored in a secure digital storage container on the computing device102.

If the user health application detects an indication that the user is nolonger engaged in the activity (e.g., the user has completed hismountain biking trip) and has not been involved in an accident, the userheath record application changes the state of the health record datasuch that it cannot be accessed. For example, in an implementation inwhich the health record data was stored on the computing device 102, theuser health record application may remove the data from the device.Similarly, for example, in an implementation in which the health recorddata was stored in cloud-based data storage 110, the user health recordapplication may communicate with the management system 104 causing theheath record data to be removed from the cloud-based data storage 110.By making the user's heath record data inaccessible when there is nopotential need for the data (e.g., when the user is not engaged in arisky activity), the user heath record application is able to maintain ahigh-level of security for the user's health records.

If the user health application detects an indication that the user hasbeen involved in an accident, the user health application provides theuser's health record data to a first responder computing device 112. Thefirst responder computing device 112 includes a first responder healthrecord application configured to communicate with the user health recordapplication and the management system 104. The first responder healthrecord application may establish short-range communications with theuser health record application on computing device 102. The user healthrecord application may then authenticate the emergency servicesapplication prior to sending the user's health record data.Alternatively or in addition, the first responder health recordapplication may authenticate itself to the management system 104 and themanagement system may provide the user's health record data to the firstresponder health record application, for instance, in an implementationin which the health record data was stored in cloud-based storage 110.Once the first responder health record application has received theuser's health record data, the user health record application and/or themanagement system may change the state of the user's health record datastored on the computing device 102 or in cloud-based storage 110 suchthat it can no longer be accessed (e.g., the health record data may beremoved). In some implementations, the state of the user health recorddata may be changed after a predetermined period of time from when theuser health application received an indication of the accident (e.g.,after several hours to ensure the data is made inaccessible in the eventof a false accident indication).

In some implementations, although a user's health record data is madeavailable, for example, by accessing the health record data from ahealth record server 112 and storing the health record data on thecomputing device 102, in cloud-based data storage 110, or in bothlocations, the health record data may not be accessed by any othercomputing devices unless the user health record application receives anindication that the user has been involved in an accident. In such animplementation, the occupant's health record data is made accessible toemergency service personnel only after receiving an indication that theuser has been involved in an accident. Such an implementation ensuresthe user's privacy, the security of the user's health record data, andcompliance with the Health Insurance Portability and Accountability Act(HIPPA), for example.

In some implementations, upon receipt of an indication that the user hasbeen involved in an accident, the user health application may send arequest for emergency services to an emergency services dispatch server116 (e.g., a 911 server). The request for emergency services may includea GPS location of the user's computing device 102. In someimplementation, the request for emergency services may be sent to themanagement system 104 and the management system 104 may coordinate theemergency services request with the emergency services dispatch server116. In such an implementation, the request for emergency services mayinclude the user's health record data, enabling emergency servicespersonnel to review the user's health record in route to the accidentscene.

In some implementations, the computing device 102 may be configured tomonitor a user's vital signs (e.g., pulse, body temperature, etc.). Insuch an implementation, a user's vital signs may provide additionalinput data for the user health application to use as an indication thatthe user is engaged in an activity and as an indication that the userhas been involved in an accident. In addition, upon receiving anindication that the user has been involved in an accident, the userhealth application may periodically send data indicating the user'svital signs to the management system 104 which may be made accessible toemergency personnel in route to the accident scene through the firstresponder health record application.

In some implementations, the user health record application may allow auser to manual indicate when the user is engaged in an activity and whenthe user is no longer engaged in the activity. For example, the manualindication may include a voice command, a touch screen input, or akeypad input. In addition, some implementations of the user healthrecord application may allow a user to provide a manual indication thatthe user has been involved in an accident and requires emergencyassistance. Likewise, the manual indication that a user has beeninvolved in an accident may include a voice command, a touch screeninput, or a keypad input, for example. In such an implementation, inresponse to the manual indication that the user has been involved in anaccident, the user health record application may access the user'shealth record and make the accessed health record available andaccessible to first responders. The user health record application alsomay request emergency services personnel from an emergency servicesdispatch server 116.

The management system 104 may, for example, be operated and maintainedby, the producer of the user health record application, a health careprovider or network of health care providers, a health record managingcompany, or other suitable third party. In some implementations, thehealth record server 112 may be part of the management system 104.

Referring to FIG. 1B, system 150 is similar to system 100 describedabove in reference to FIG. 1A, with the exception that system 150includes a vehicle-based computing device 152 installed in a vehicle154. The vehicle-based computing device 152 may be a module of thevehicle's 154 on-board computer system or a separate computing device,for example. The vehicle-based computing device 152 is configured tooperate a user health record application and to communicate with otherelectronic devices using short-range communications (e.g., Bluetooth orNFC). In addition, the vehicle-based computing device 152 may beconfigured to exchange electronic communications with other computingdevices through a network (e.g., a wireless cellular network, a wirelesslocal area network (WLAN) or Wi-Fi network, a Third Generation (3G) orFourth Generation (4G) mobile telecommunications network).

The vehicle-based computing device 152 detects an indication that anoccupant has entered the vehicle 154 and identifies the occupant basedon the indication. For example, the vehicle-based computing device 152may establish short-range communication with the occupant's computingdevice 102 when the occupant enters the vehicle. The vehicle-basedcomputing device 152 may then indicate to the occupant's computingdevice 102 that the vehicle-based computing device is operating a userhealth application and as such it is capable of storing the user'shealth record data. The health record application on the occupant'scomputing device 102 then may provide the occupant's identificationinformation to the vehicle-based computing device 152.

Upon detecting the indication that the occupant has entered the vehicle154 and identifying the occupant, the vehicle-based computing device 152then access the occupant's health record data. In some implementations,the vehicle-based computing device accesses the occupant's health recorddata from the management system 104 through networks 106. The managementsystem server 108 may access health record data associated with the userfrom a health record server 114. In some implementations, thevehicle-based computing device 152 may access the occupant's healthrecord data by requesting that the computing device 102 retrieve theoccupant's health record data through the management system 104.

The accessed health record data is then made available to emergencyservices personnel from a secure digital storage container. The accessedhealth record data may be stored in the vehicle-based computing device152, for example. In some implementations, the management system server108 then may store the accessed health record data in a digital storagedevice 110, for example. In some implementations, the digital storagedevice 110 may be cloud-based data storage.

If the vehicle-based computing device 152 detects an indication that theoccupant has exited the vehicle 154 (e.g., based on loss of short-rangecommunication with computing device 102 or based on a range to computingdevice 102 exceeding a threshold distance value) and that the vehicle154 has not been involved in an accident, the vehicle-based computingdevice 152 changes the state of the health record data such that itcannot be accessed. For example, in an implementation in which thehealth record data was stored on the vehicle-based computing device 152,the user health record application may remove the data from the device.Similarly, for example, in an implementation in which the health recorddata was stored in cloud-based data storage 110, the vehicle-basedcomputing device 152 may communicate with the management system 104(either directly through networks 106 or by through the occupantscomputing device 102) causing the heath record data to be removed fromthe cloud-based data storage 110. By making the user's heath record datainaccessible when there is no potential need for the data (e.g., whenthe user is not engaged in a risky activity), the user heath recordapplication is able to maintain a high-level of security for the user'shealth records.

If the vehicle-based computing device 152 detects an indication that thevehicle 154 has been involved in an accident (e.g., based on receivingan indication that airbags have deployed), the vehicle-based computingdevice 152 provides the occupant's health record data to a firstresponder computing device 112. The first responder computing device 112includes an emergency services health record application configured tocommunicate with the vehicle-based computing device 152 and themanagement system 104. The emergency services health record applicationmay establish short-range communications with the user health recordapplication on vehicle-based computing device 152. The user healthrecord application on the vehicle-based computing device 152 may thenauthenticate the emergency services application prior to sending theuser's health record data. Alternatively or in addition, the emergencyservice application may authenticate itself to the management system 104and the management system may provide the user's health record data tothe emergency services application, for instance, in an implementationin which the health record data was stored in cloud-based storage 110.Once the emergency services application has received the user's healthrecord data, the user health record application and/or the managementsystem may change the state of the user's health record data stored onthe vehicle-based computing device 152 or in cloud-based storage 110such that it can no longer be accessed (e.g., the health record data maybe removed). In some implementations, the state of the user healthrecord data may be changed after a predetermined period of time fromwhen the user health application received an indication of the accident(e.g., after several hours to ensure the data is made inaccessible inthe event of a false indication).

In some implementations, although a user's health record data is madeavailable, for example, by accessing the health record data from ahealth record server 112 and storing the health record data on thevehicle-based computing device 152, in cloud-based data storage 110, orin both locations, the health record data may not be accessed by anyother computing devices unless the user health record applicationreceives an indication that the vehicle 154 has been involved in anaccident. In such an implementation, the occupant's health record datais made accessible to emergency service personnel only after receivingan indication that the vehicle 154 has been involved in an accident.Such an implementation ensures the user's privacy and the security ofthe user's health record data.

In some implementations, upon receipt of an indication that the vehicle154 has been involved in an accident, the user health application on thevehicle-based based computing device 152 may send a request foremergency services to an emergency services dispatch server (e.g., a 911server). The request for emergency services may include a GPS locationof the vehicle 154. In some implementation, the request for emergencyservices may be sent to the management system 104 and the managementsystem 104 may coordinate the emergency services request with theemergency services dispatch server 114. In such an implementation, therequest for emergency services may include the user's health recorddata, enabling emergency services personnel to review the user's healthrecord in route to the accident scene.

In some implementations, the vehicle-based computing device 152 may beconfigured to receive data indicating the occupant's vital signs (e.g.,pulse, body temperature, etc.), for example, from the occupant'scomputing device 102. In such an implementation, upon receiving anindication that the user has been involved in an accident, thevehicle-based computing device 152 may periodically send data indicatingthe user's vital signs to the management system 104 which may be madeaccessible to emergency personnel in route to the accident scene throughthe first responder health record application.

Similar to system 100 above, the management system 104 may, for example,be operated and maintained by, the producer of the user health recordapplication, a health care provider or network of health care providers,a health record managing company, or other suitable third party. In someimplementations, the health record server 112 may be part of themanagement system 104.

FIGS. 2A-2D illustrate example graphical user interfaces (GUIs) of anexample user health record application. In the example shown in FIG. 2A,the GUI 200, an example user health record application settings GUI,includes a name entry text box 202, a social security entry text box204, an insurance provider entry text box 206, and an insurance policynumber entry text box 208. The data entered in text boxes 202, 204, 206,and 208 may be used, for example, to identify the user and access theuser's health record data or may be provided to the first responderswith the health record data. In addition, the GUI 200 includes aphotograph of the user 210. For example, the GUI 200 may allow the userto select a personal photograph from the user's digital photo library,to take a personal photograph using a camera located on the computingdevice 102, or the photograph may have been accessed as part of theuser's health record data. The health record application may, in someimplementations, provide the user's photograph to first responders alongwith the user's health record data to enable the first responders toidentify the user from among multiple victims involved in an accident.GUI 200 also includes a selectable control 212 to establish a connectionwith a medical monitoring device, for example, to monitor the user'svital signs. In addition GUI 200 may allow a user to scroll up or downdisplaying additional user settings. For instance FIG. 2B, describedbelow, illustrates additional example user settings for a user healthrecord application that may be accessed by scrolling GUI 200.

In the example shown in FIG. 2B, GUI 220, a continuation of the userhealth application settings GUI, includes a selectable control 212 toestablish a connection with a medical monitoring device, for example, tomonitor the user's vital signs and a selectable list 222 of personalhigh risk activities (e.g., mountain biking, hiking, rock climbing,flying, biking, and boating). The user health record application mayassociate particular motion inputs with each activity listed inselectable list 222. The user health record application may then use aparticular user's selection of one or more activities in the selectablelist 222 to calibrate various activity indication profiles used todetermine when a series of received motion/GPS inputs indicate that theuser is engaged in an activity to trigger accessing the user's healthrecord as described above in reference to FIG. 1A, for example.

In the example shown in FIG. 2C, the GUI 240 includes a notificationwindow 242 informing a user that the health record application isattempting to link with a vehicle-based computing device 152. Anotification window 242 may be displayed, for example, in relation tosystem 150 described above when an occupant enters or exits a vehicle154. The notification window 242 may include various messagescommunicating to a user the status of the health record applicationand/or the status of communications with a vehicle-based computingdevice 152.

In the example shown in FIG. 2D, the GUI 260, an example health recordapplication activity plan GUI, includes an activity dropdown selectionbox 262, a location drop down selection box 264, an expected returndate/time dropdown selection box 266, and a pair of radio buttons 268.The activity plan GUI 260 allows a user to record a planned activityahead of time. The user's activity plan may be used to help find theuser in the event of an accident. For example, if the user is planning ahiking trip, the user may select hiking from the activity dropdownselection box 262, may enter or select the appropriate location (e.g.,Chimney Rock in Shenandoah National Park) in the location dropdownselection box 264, and may enter or select the date and time the userexpects to return in the expected return date/time dropdown selectionbox 266. Radio buttons 268 may allow a user to select between having theuser health record application detect when the user begins the activityor manual indicating when the user begins the activity.

When the user begins the planned activity, the user health recordapplication may cause the user's health record to be made available tofirst responders for the duration indicated by the user's activity planregardless of the motion inputs received during that time period. Inaddition, the user heath record application may send the user's activityplan to the management system 104. This may be advantageous if the userwill be in an area with minimal network connectivity, for example.Furthermore, if the user has not returned within a reasonable periodfrom the expected return date (e.g., as indicated by GPS on thecomputing device 102) the management system 104 may request emergencyservices personnel by providing the user's activity plan and a lastknown GPS location of the computing device 102 in addition to making theuser's health record information accessible to the first responders.

FIGS. 3A and 3B illustrate example GUIs of an example first responderhealth record application. In the example shown in FIG. 3A, the firstresponder health record application GUI 300 includes accessed healthrecord data 302 a and 302 b for two individuals, Gabriel Smith 302 a andDan Jones 302 b. Each health record 302 a and 302 b includes, forexample, the name of the individual whose health record is displayed,the individual's vital signs 306 (e.g., pulse and blood pressure if theindividual has a medical monitoring device paired with their user healthrecord application), a list of the individual's allergies 308, a list ofthe individual's current medications 310, the individual's medicalhistory 312, and, optionally, a photograph 314 of the individual. Forexample, Dan 302 b has not yet incorporated a photograph 316 with hismedical record data, however, Gabriel 302 a has done so. In addition,the health record data 302 a and 302 b also may include information suchas emergency contact data, (e.g., a spouse or parent's contactinformation), an individual's primary care provider, any specialiststhat the individual is seeing, and/or the individual's health insuranceinformation.

In some implementations the health records 302 a and 302 b may have beenaccessed on-scene from a single vehicle in which each Gabriel and Danwere occupants (i.e., from a vehicle-based computing device 152), fromtwo separate vehicles (e.g., Gabriel's car and Dan's truck), or from oneor both individuals' personal computing device(s) 102. In someimplementations, the first responders may have been able to access thehealth records 302 a and 302 b in route to the scene from cloud-baseddata storage 110.

In the example shown in FIG. 3B, the first responder health recordapplication GUI 350 provides first responders with a selectable list ofaccident notifications for which health record data is available for atleast one individual involved (e.g., a list as shown may be available ina cloud-based data storage implementation from the management system104). GUI 350 includes an accident search radius dropdown box 352 and alist of accident notifications 354 within the selected search radius.Each entry in the list of accident notifications 354 includes a name ofan individual for whom health record data is available 356, an activityin which the individual was involved before the accident 358, a locationof the accident 360 (or last known location of the computing device 102or 152), and the individual's vital signs 363. For example, GabrielSmith (row 364) has been involved in a vehicle accident at 101 MainStreet and has a medical monitoring device indicating that his pulse is82 and his blood pressure is 130/89. As another example, Sara Baker (row366) was involved in a rock climbing accident at the last known GPSlocation 38° 14′30″ N, 78° 43′31″W (in Shenandoah National Park) and hasa medical monitoring device indicating that her pulse is 72 and herblood pressure is 120/80.

FIGS. 4A and 4B are flow charts of a process for providing a user'shealth record data to emergency service personnel. The process may beperformed, in whole or in part, by a computing device such as, forexample, computing device 102 or management server 104 of FIG. 1A.Referring to FIG. 4A, during process 400 a computing device detects anindication of a user activity (402). An indication of a user activitymay, for example, include a combination of motion inputs of variousmagnitudes received by the computing device. Alternatively or inaddition, an indication of a user activity may include, for example, GPSdata such as a location, speed, and/or acceleration. The indication maybe compared to one or more threshold values to determine whether theindication is an activity with a significant risk of accidents and forwhich a user's health record data should be made available. Thethreshold values may be, for example, based on statistical modelsdescribing the expected motion/GPS inputs for various activities. Forexample, a threshold value may be GPS indicated speed greater than 8 mph(e.g., the average human running speed). Such a speed may indicate thata user is biking, driving, etc. A GPS location indicating that the useris within a body of water may be, for example, a threshold valueindicating that a user is boating. A threshold value also may be, forexample, a series of acceleration/rotation inputs received insuccession. In addition, the indication may be required to persist for aspecified period to avoid false positive indications. For example, themotion input received while a user is mountain biking may be similar tothe motion input received if the computing device is dropped. To avoididentifying a drop as a user activity, the computing device may requirethe motion input to persist for several seconds before determining thatthe motion input is a user activity.

In some implementations, it may be possible to match activityindications to specific activities, for example, based on activityprofiles. A GPS location placing the user within a body of water may,for example, be recognized as a boating activity. In addition, someimplementations may allow the user to generate custom activity thresholdvalue profiles and calibrate the computing device to recognizeindications of activities customized to the user by, for example,performing an activity while the computing device receives and recordsvarious motion and GPS inputs and then associating the inputs the typeof activity. In some implementations, the computing device may allow auser to manually indicate the start of a user activity (e.g., via avoice command, touch screen input, keypad input, or other appropriateinput).

Based on detecting an indication of a user activity, the computingdevice makes a user's health record data available to first responders(404). The computing device may, for example, have to access the user'shealth record data from a health record database or digital repository.The computing device then may temporarily store the user's health recorddata in format and location such that the health record data is morereadily available. For example, the computing device may store thehealth record data in a secure digital storage container on thecomputing device itself. Alternatively or in addition, the computingdevice may cause the health record data to be stored in a cloud-basedsecure digital storage container.

If the computing device detects an indication of an accident (406), thecomputing device provides the health record data to the first responder(408). An indication of an accident may include, for example, acombination of motion inputs of various magnitudes received by thecomputing device. Alternatively or in addition, an indication of a useractivity may include, for example, GPS data such as a location, speed,and/or acceleration. The indication may be compared to one or moreaccident threshold values to determine whether the inputs may properlybe identified as an accident. The accident threshold values may be, forexample, based on statistical models describing the expected motion/GPSinputs for various types of accidents. In addition, the accidentthreshold values may be modified based on a particular activity in whicha user is engaged. For example, motion/GPS inputs occurring during avehicle accident would be expected to be more severe than thoseoccurring during a biking accident. In addition, a minor fender bendermay, for example, result in motion/GPS inputs that equivalent to thosereceived during a biking accident. False accident indication may beavoided by modifying the accident threshold values when a user isindicated to be engaged in an activity associated with more severaccidents, for example, riding in an automobile. Similarly, accidentsthat otherwise may not be detected may be more readily or more oftendetected by modifying the accident threshold values when a user isindicated to be engaged in an activity associated with less severaccidents, for example, riding a bicycle.

In some implementations, the computing device may include or be pairedwith a medical monitoring device. In such implementations, an indicationof an accident may include an indication that one or more of the user'svital signs have crossed a threshold value (e.g., an unusually lowpulse, or an unusual blood pressure). In addition, in someimplementations the computing device may allow a user to manuallyindicate that the user has been involved in an accident (e.g., via avoice command, touch screen input, keypad input, or other appropriateinput). In such implementations (i.e., implementations including a vitalsign based accident indication and/or implementations allowing a user tomanually indicate that an accident has occurred), it may be desirablefor the computing device to be receptive to the accident indication evenwhen the user has not been identified as being engaged in an activity.In these implementations, based on receiving a vital sign based accidentindication or a manual accident indication; the computing device maycause the user's health record to be made available to first responders(see step 404 above).

Referring now to FIG. 4B, to provide the health record to the firstresponder (408), the computing device makes the health record dataaccessible to the first responder (408A). For example, until anindication of an accident is received, the health record data may bestored in such a manner or format that it may not be accessed by othercomputing devices or the user (e.g., it may be stored with appropriateprivacy settings, stored in an encrypted format, flagged as private,and/or stored as a hidden file). After an indication of an accident isdetected, the state of the health record data may be appropriatelychanges such that the health record data is made accessible to firstresponders. In some implementations, the health record data may belocked in the secure digital storage container(s) such that it will notbe inappropriately deleted or modified prior to being accessed by firstresponders.

Optionally, the computing device transmits a notification of theaccident to emergency services (408B). In some implementations, thecomputing device may, upon receiving an indication of an accident,transit a request for emergency services to an appropriate emergencyservices dispatch location. The request may include, for example, thelocation of the computing device or last known location (e.g., in theevent that the computing device is damaged in the accident).

The computing device establishes communication with a second computingdevice (408C). Communications between the two computing devices may beestablished, for example, via short-range wireless communication (e.g.,Bluetooth or NFC) and/or through a network (e.g., a wireless cellularnetwork, a WLAN or Wi-Fi network, a 3G or 4G mobile telecommunicationsnetwork). The computing device then may authenticate the secondcomputing device as being a licensed first responder computing device(408D). For example, a first responder health record applicationoperating on the second computing device may send authenticationinformation to a user computing device which may be validated by acorresponding user health record application operating on the usercomputing device. Similarly, for example, a first responder healthrecord application operating on the second computing device may sendauthentication information to a management system computing device whichmay be validated by a corresponding management health record applicationoperating on the management system computing device.

The computing device sends the user's health record data to theauthenticated second computing device (408E). Upon successfullyauthenticating the second computing device the health record data issent to the second computing device for display in a first responderhealth record application, for example. The computing device changes thestate of the user's health record data so that the health record datacannot be accessed (408F). In order to, for example, maximize thesecurity of a user's health record data, the computing device changesthe state of the stored health record data so that the health recorddata can no longer be accessed. The computing device may change thestate of the health record data by securely removing the health recorddata from the secure digital storage container, for example, by deletingthe health record data or by overwriting the user's health record datawith zeros. The computing device may change the state of the healthrecord data after the expiration of a specified period of time from whenthe accident indication was received (e.g., two hours after receivingthe accident indication). In some implementations, the computing devicemay change the state of the health record data after it has beenaccessed by an authenticated second computing device, for example.

Referring again to FIG. 4A, if the computing device does not detect anindication of an accident (406), the computing device may detect anindication that the user is no longer engaged in the activity (410). Anindication that a user is no longer engaged in the activity may include,for example, the cessation of the previously received indication of theactivity for a specified period of time. For example, the computingdevice may require that motion/GPS input indicating the activity mustcease for several minutes to be considered an indication that the useris no longer engaged in the activity. For instance, if a user werebiking in a city and stopped at a red street light, it would not beappropriate to identify the brief cessation of motion/GPS input as anindication that the user is no longer engaged in the activity. However,when the user arrives at her destination and the biking motion/GPS inputceases for an extended period of time it would be appropriate toidentify the cessation of motion/GPS input as an indication that theuser is no longer engaged in the activity.

Upon detecting the indication that the user is no longer engaged in theactivity, the computing device changes the state of the user's healthrecord data so that the health record data cannot be accessed (412). Inorder to, for example, maximize the security of a user's health recorddata, the computing device changes the state of the stored health recorddata so that the health record data can no longer be accessed. Thecomputing device may change the state of the health record data bysecurely removing the health record data from the secure digital storagecontainer, for example, by deleting the health record data or byoverwriting the user's health record data with zeros.

FIGS. 5A and 5B are flow charts of a process for providing a user'shealth record data to emergency service personnel. The process may beperformed, in whole or in part, by a computing device such as, forexample, computing device 152 or management server 104 of FIG. 1B.Referring to FIG. 5A, during process 500 a computing device detects anindication that an occupant has entered a vehicle (502) and identifiesthe occupant (504). The computing device may establish short-rangecommunication (e.g., Bluetooth or NFC) with the occupant's personalcomputing device (e.g., a cellular telephone, smartphone, personaldigital assistant, medical monitoring device, or other appropriatedevice) when the occupant enters the vehicle. The computing device thenmay indicate to the occupant's personal computing device that thecomputing device is capable of storing the occupant's health recorddata. The computing device then may receive identification informationfor the occupant form the occupant's personal computing device.

In some implementations, the indication that the occupant has enteredthe vehicle and the data identifying the occupant may include a digitalidentification embedded in a key to start the vehicle, for example. Thecomputing device may receive the occupant's digital identification whenthe occupant starts the vehicle. In some implementations the indicationthat the occupant has entered the vehicle and the data identifying theoccupant may include a machine readable tag (e.g., a radio frequencyidentification (RFID) tag or other appropriate device) including adigital identification of the occupant. For example, the computingdevice may read occupant's digital identification from the machinereadable tag (e.g., a card in the occupant's wallet or a tag on theoccupant's key chain) when the occupant enters the vehicle.

The computing device accesses the occupant's health record data (506),and makes a user's health record data available to first responders(508). The computing device may, for example, have to access the user'shealth record data from a health record database or digital repository.The computing device then may temporarily store the user's health recorddata in a format and a location such that the health record data is morereadily available. For example, the computing device may store thehealth record data in a secure digital storage container on thecomputing device itself. Alternatively or in addition, the computingdevice may cause the health record data to be stored in a cloud-basedsecure digital storage container

If the computing device detects an indication of an accident (510), thecomputing device provides the health record data to the first responder(512). An indication of an accident may include, for example, anindication that the vehicle's airbag has deployed or a combination ofmotion inputs of various magnitudes received by the computing device.Alternatively or in addition, an indication of a user activity mayinclude, for example, GPS data such as a location, speed, and/oracceleration. The indication may be compared to one or more accidentthreshold values to determine whether the inputs may properly beidentified as an accident. The accident threshold values may be, forexample, based on statistical models describing the expected motion/GPSinputs for various types of accidents.

In some implementations, the computing device may include or be pairedwith a medical monitoring device. In such implementations, an indicationof an accident may include an indication that one or more of the user'svital signs have crossed a threshold value (e.g., an unusually lowpulse, or an unusual blood pressure). In addition, in someimplementations the computing device may allow a user to manuallyindicate that the user has been involved in an accident (e.g., via avoice command, touch screen input, keypad input, or other appropriateinput). In such implementations (i.e., implementations including a vitalsign based accident indication and/or implementations allowing a user tomanually indicate that an accident has occurred), it may be desirablefor the computing device to be receptive to the accident indication evenwhen the user has not been identified as being engaged in an activity.In these implementations, based on receiving a vital sign based accidentindication or a manual accident indication; the computing device maycause the user's health record to be made available to first responders(see step 506 above).

Referring now to FIG. 5B, to provide the health record to the firstresponder (512), the computing device makes the health record dataaccessible to the first responder (515A). For example, until anindication of an accident is received, the health record data may bestored in such a manner or format that it may not be accessed by othercomputing devices or the user (e.g., it may be stored with appropriateprivacy settings, stored in an encrypted format, flagged as private,and/or stored as a hidden file). After an indication of an accident isdetected, the state of the health record data may be appropriatelychanges such that the health record data is made accessible to firstresponders. In some implementations, the health record data may belocked in the secure digital storage container(s) such that it will notbe inappropriately deleted or modified prior to being accessed by firstresponders.

Optionally, the computing device transmits a notification of theaccident to emergency services (512B). In some implementations, thecomputing device may, upon receiving an indication of an accident,transit a request for emergency services to an appropriate emergencyservices dispatch location. The request may include, for example, thelocation of the computing device or last known location (e.g., in theevent that the computing device is damaged in the accident).

The computing device establishes communication with a second computingdevice (512C). Communications between the two computing devices may beestablished, for example, via short-range wireless communication (e.g.,Bluetooth or NFC) and/or through a network (e.g., a wireless cellularnetwork, a WLAN or Wi-Fi network, a 3G or 4G mobile telecommunicationsnetwork). The computing device then may authenticate the secondcomputing device as being a licensed first responder computing device(512D). For example, a first responder health record applicationoperating on the second computing device may send authenticationinformation to a user computing device which may be validated by acorresponding user health record application operating on the usercomputing device. Similarly, for example, a first responder healthrecord application operating on the second computing device may sendauthentication information to a management system computing device whichmay be validated by a corresponding management health record applicationoperating on the management system computing device.

The computing device sends the user's health record data to theauthenticated second computing device (512E). Upon successfullyauthenticating the second computing device the health record data issent to the second computing device for display in a first responderhealth record application, for example. The computing device changes thestate of the user's health record data so that the health record datacannot be accessed (512F). In order to, for example, maximize thesecurity of a user's health record data, the computing device changesthe state of the stored health record data so that the health recorddata can no longer be accessed. The computing device may change thestate of the health record data by securely removing the health recorddata from the secure digital storage container, for example, by deletingthe health record data or by overwriting the user's health record datawith zeros. The computing device may change the state of the healthrecord data after the expiration of a specified period of time from whenthe accident indication was received (e.g., two hours after receivingthe accident indication). In some implementations, the computing devicemay change the state of the health record data after it has beenaccessed by an authenticated second computing device, for example.

Referring again to FIG. 5A, if the computing device does not detect anindication of an accident (510), the computing device may detect anindication that the occupant has exited the vehicle (514). For example,the computing device may lose short-range communications with theoccupant's personal computing device or the range between the computingdevice and the occupants personal computing device may exceed aspecified threshold distance (e.g., based on a measured received signalstrength). In some implementations, the indication may include anindication that the occupant has turned the vehicle off or removed a keyfrom the ignition, for example.

Upon detecting the indication that the occupant has exited the vehicle,the computing device changes the state of the user's health record dataso that the health record data cannot be accessed (516). In order to,for example, maximize the security of a user's health record data, thecomputing device changes the state of the stored health record data sothat the health record data can no longer be accessed. The computingdevice may change the state of the health record data by securelyremoving the health record data from the secure digital storagecontainer, for example, by deleting the health record data or byoverwriting the user's health record data with zeros.

The techniques described herein can be implemented in digital electroniccircuitry, or in computer hardware, firmware, software, or incombinations of them. The techniques can be implemented as a computerprogram product, i.e., a computer program tangibly embodied in aninformation carrier, e.g., in a machine-readable storage device, inmachine-readable storage medium, in a computer-readable storage deviceor, in computer-readable storage medium for execution by, or to controlthe operation of, data processing apparatus, e.g., a programmableprocessor, a computer, or multiple computers. A computer program can bewritten in any form of programming language, including compiled orinterpreted languages, and it can be deployed in any form, including asa stand-alone program or as a module, component, subroutine, or otherunit suitable for use in a computing environment. A computer program canbe deployed to be executed on one computer or on multiple computers atone site or distributed across multiple sites and interconnected by acommunication network.

Method steps of the techniques can be performed by one or moreprogrammable processors executing a computer program to performfunctions of the techniques by operating on input data and generatingoutput. Method steps can also be performed by, and apparatus of thetechniques can be implemented as, special purpose logic circuitry, e.g.,an FPGA (field programmable gate array) or an ASIC (application-specificintegrated circuit).

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer. Generally, aprocessor will receive instructions and data from a read-only memory ora random access memory or both. The essential elements of a computer area processor for executing instructions and one or more memory devicesfor storing instructions and data. Generally, a computer will alsoinclude, or be operatively coupled to receive data from or transfer datato, or both, one or more mass storage devices for storing data, such as,magnetic, magneto-optical disks, or optical disks. Information carrierssuitable for embodying computer program instructions and data includeall forms of non-volatile memory, including by way of examplesemiconductor memory devices, such as, EPROM, EEPROM, and flash memorydevices; magnetic disks, such as, internal hard disks or removabledisks; magneto-optical disks; and CD-ROM and DVD-ROM disks. Theprocessor and the memory can be supplemented by, or incorporated inspecial purpose logic circuitry.

A number of implementations of the techniques have been described.Nevertheless, it will be understood that various modifications may bemade. For example, useful results still could be achieved if steps ofthe disclosed techniques were performed in a different order and/or ifcomponents in the disclosed systems were combined in a different mannerand/or replaced or supplemented by other components. Accordingly, otherimplementations are within the scope of the following claims.

1. A computer implemented method comprising: detecting, by a computingdevice, an indication that an occupant has entered a vehicle;identifying the occupant based on the indication that the occupant hasentered the vehicle; accessing a health record associated with theoccupant; enabling the accessed health record associated with theoccupant to be available from a secure digital storage container; andbased on detecting an indication that the occupant has exited thevehicle, changing the state of the health record in the secure digitalstorage container such that it cannot be accessed.
 2. The computerimplemented method of claim 1, wherein the computing device includes awireless mobile computing device.
 3. The computer implemented method ofclaim 1, wherein the computing device includes a vehicle computer. 4.The computer implemented method of claim 1, wherein enabling theaccessed health record associated with the occupant to be available froma secure digital storage container comprises enabling the accessedhealth record associated with the occupant to be available from a securedigital storage container on the computing device.
 5. The computerimplemented method of claim 1, wherein enabling the accessed healthrecord associated with the occupant to be available from a securedigital storage container comprises enabling the accessed health recordassociated with the occupant to be available from a cloud-based securedigital storage container.
 6. The computer implemented method of claim1, wherein detecting an indication that an occupant has entered avehicle comprises performing near field communication with a mobilecomputing device, and wherein identifying the occupant based on theindication that the occupant has entered the vehicle comprises receivingidentification information from the mobile computing device.
 7. Thecomputer implemented method of claim 6, wherein based on detecting anindication that the occupant has exited the vehicle, changing the stateof the health record in the secure digital storage container such thatit cannot be accessed comprises based on detecting an indication that adistance between the computing device and the mobile computing devicehas exceeded a threshold value, changing the state of the health recordin the secure digital storage container such that it cannot be accessed.8. The computer implemented method of claim 6, wherein based ondetecting an indication that the occupant has exited the vehicle,changing the state of the health record in the secure digital storagecontainer such that it cannot be accessed comprises based on detectingan indication that the computing device has lost near fieldcommunications with the mobile computing device, changing the state ofthe health record in the secure digital storage container such that itcannot be accessed.
 9. The computer implemented method of claim 1,wherein enabling the accessed health record associated with the occupantto be available from the secure digital storage container comprisesenabling the accessed health record associated with the occupant and aphotograph of the occupant to be available from the secure digitalstorage container.
 10. A computer implemented method comprising:detecting, by a computing device, an indication that an occupant hasentered a vehicle; identifying the occupant based on the indication thatthe occupant has entered the vehicle; accessing a health recordassociated with the occupant; enabling the accessed health recordassociated with the occupant to be available from a secure digitalstorage container; and based on detecting an indication that the vehiclehas had a collision, providing the health record associated with theoccupant to a second computing device registered to a first responderfrom the secure digital storage container.
 11. The computer implementedmethod of claim 10, wherein based on detecting an indication that thevehicle has had the collision, providing the health record associatedwith the occupant to the first responder from the secure digital storagecontainer comprises based on detecting an indication that an airbag inthe vehicle has deployed, providing the health record associated withthe occupant accessible to the first responder from the secure digitalstorage container.
 12. The computer implemented method of claim 10,wherein based on detecting an indication that the vehicle has had thecollision, providing the health record associated with the occupant tothe first responder from the secure digital storage container comprisesbased on detecting an indication that the vehicle has had the collision,providing the health record associated with the occupant to a secondcomputing device from the secure digital storage container, the secondcomputing device being identified as licensed to the first responder.13. The computer implemented method of claim 10 wherein based ondetecting an indication that the vehicle has had the collision,providing the health record associated with the occupant from the securedigital storage container to a first responder comprises based ondetecting an indication that the vehicle has had the collision: makingthe health record associated with the occupant accessible by the secondcomputing device registered to the first responder from the securedigital storage container; providing the health record associated withthe occupant to the second computing device registered to the firstresponder from the secure digital storage container; and changing thestate of the health record associated with the occupant in the securedigital storage container such that the health record associated withthe occupant can no longer be accessed.
 14. The computer implementedmethod of claim 13, wherein changing the state of the health recordassociated with the occupant in the secure digital storage containersuch that the health record associated with the occupant can no longerbe accessed comprises changing the state of the health record associatedwith the occupant in the secure digital storage container such that thehealth record associated with the occupant can no longer be accessedafter a predetermined period of time from detecting the indication thatthe vehicle has had the collision.
 15. The computer implemented methodof claim 10, wherein based on detecting an indication that the vehiclehas had the collision, providing the health record associated with theoccupant to the first responder from the secure digital storagecontainer includes: receiving data indicating at least one of theoccupant's vital signs; and providing the data indicating at least oneof the occupant's vital signs to the first responder.
 16. The computerimplemented method of claim 10, wherein the computing device includes avehicle computer.
 17. The computer implemented method of claim 10,wherein enabling the accessed health record associated with the occupantto be available from a secure digital storage container comprisesenabling the accessed health record associated with the occupant to beavailable from a secure digital storage container on the computingdevice.
 18. The computer implemented method of claim 10, whereinenabling the accessed health record associated with the occupant to beavailable from a secure digital storage container comprises enabling theaccessed health record associated with the occupant to be available froma cloud-based secure digital storage container.
 19. The computerimplemented method of claim 10, wherein detecting an indication that anoccupant has entered a vehicle comprises performing near fieldcommunication with a mobile computing device, and wherein identifyingthe occupant based on the indication that the occupant has entered thevehicle comprises receiving identification information from the mobilecomputing device.
 20. A system comprising: one or more computers and oneor more storage devices storing instructions that are operable, whenexecuted by the one or more computers, to cause the one or morecomputers to perform operations comprising:: detecting, by a computingdevice, an indication that an occupant has entered a vehicle;identifying the occupant based on the indication that the occupant hasentered the vehicle; accessing a health record associated with theoccupant; enabling the accessed health record associated with theoccupant to be available from a secure digital storage container; andbased on detecting an indication that the vehicle has had a collision,providing the health record associated with the occupant to a secondcomputing device registered to a first responder from the secure digitalstorage container.